The policy file can be explicitly requested by making the call:

Security.loadPolicyFile("host.withpolicyfile.com:843");

Or you can trust it will implicitly make the request when you attempt a socket connection. The policy is valid for a particular IP address over the life of the SWF. A policy request consists of the following line, nothing more:

<policy-file-request/>

And the correct response is the policy file, followed by a null byte. My example policy server file will not be so picky about it’s request, use it at your own risk. Adobe has one that actually checks to see if the request was formatted correctly before sending the response. Furthermore, rather than reading in an actual policy file, my example hard codes it into the policy server.

Here is a sample policy file, it is provided by Adobe. You can make whatever changes you need to, as I did in mine:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">

<!-- Policy file for xmlsocket://socks.example.com -->
<cross-domain-policy> 

   <!-- This is a master socket policy file -->
   <!-- No other socket policies on the host will be permitted -->
   <site-control permitted-cross-domain-policies="master-only"/>

   <!-- Instead of setting to-ports="*", administrator's can use ranges and commas -->
   <!-- This will allow access to ports 123, 456, 457 and 458 -->
   <!--allow-access-from domain="swf.example.com" to-ports="123,456-458" /-->
   <allow-access-from domain="*" to-ports="80" />
</cross-domain-policy>

And here is the Perl code that runs the policy server. You can see it is just a basic socket server. Adobe’s version of this (which I based mine off) allows you to pass in the port as well as the path to the policy file. This is a stripped down version of that server, with most of the essentials hard coded.

use Socket;

my $NULLBYTE = pack('c', 0);
my $port = 843;
my $content ='<?xml version="1.0"?>'."\n" .
'<!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">'."\n" .
'<cross-domain-policy>' . "\n" .
   '<site-control permitted-cross-domain-policies="master-only"/>'."\n" .
   '<allow-access-from domain="*" to-ports="80" />'."\n" .
'</cross-domain-policy>'."\n";

socket    (LISTENSOCK, PF_INET, SOCK_STREAM, getprotobyname('tcp'))
          or die "socket() error: $!";
setsockopt(LISTENSOCK, SOL_SOCKET, SO_REUSEADDR, pack('l', 1))
          or die "setsockopt() error: $!";
bind      (LISTENSOCK, sockaddr_in($port, INADDR_ANY))
          or die "bind() error: $!";
listen    (LISTENSOCK, SOMAXCONN)
          or die "listen() error: $!";

while ( my $clientAddr = accept(CONNSOCK, LISTENSOCK)) {
    my ($clientPort, $clientIp)= sockaddr_in($clientAddr);
    my $clientIpStr = inet_ntoa($clientIp);

   # Consume the request
    local $/ = $NULLBYTE;
    my $request = <CONNSOCK>;
    chomp $request;

   # Send the policy file
    print CONNSOCK $content;
    print CONNSOCK $NULLBYTE;
    close CONNSOCK;
}
}

Remember to open port 843 (in Fedora Core) by adding the following line in /etc/sysconfig/iptables :

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 843 -j ACCEPT

Then reload the iptables:

/etc/init.d/iptables restart

Even in Flex, most applications will connect to a backend server that’s running an HTTP service (which queries the database on behalf of Flex), but I’m even going to depart from that in this post. I’m going to be demonstrating how to make socket calls to another service. You could apply this to making HTTP requests on port 80, make requests directly to a MySQL server running on port 3306. In this particular post, I will keep it simple by demonstrating how to make an HTTP request.

You declare socket like this:

import flash.net.Socket;

private var socket : Socket;

Inside an initialization method, we will add a listener for the CONNECT event, and the SOCKET_DATA event. The CONNECT event alerts us when the connection has been made, and allows us to send our request. The SOCKET_DATA event is triggered whenever there is data waiting to be read from the socket.

socket = new Socket();
socket.addEventListener( Event.CONNECT, onConnect);
socker.addEventListener( ProgressEvent.SOCKET_DATA, onSocketData);

At some point you will need to call connect on the socket, which accepts the URL of the server and the port it will be connecting to. In the onConnect() method, you will write the request using one of the writeXXX() methods, and call flush() which actually sends the data over the wire.

socket.connect(txtUrl.text, 80);

private function onConnect(event : Event) : void {
   var requestString : String = getHttp_1_1Request();
   socket.writeUTFBytes(requestString);
   socket.flush();
}

As not all socket data will be available at once, as in most client programs, you will want to read the data in a loop, using one of the readXXX() methods.

private function onSocketData(event : ProgressEvent) : void {
   while (socket.bytesAvailable) {
      txtResponse.text += socket.readUTFBytes(socket.bytesAvailable);
   }
   socket.close();
}

In general you would be checking for the end of the response you’re expecting (based on protocol), to simplify things I simply close the socket after the while loop exits the first time. If you leave the socket open for too long without reading data, I have noticed that I receive the following error, regardless of whether I have the correct policy file including cross-domain.xml:

Error #2044: Unhandled securityError:. filename.swf text=Error #2048: Security sandbox violation cannot load data from the.host.name

In this example, the raw output received from the socket request will be shown in the text box. You can download the complete source to this example here (where you may also view a screencast demo of this procedure).

Depending on what version of the Flash Player you’re running, this example may not run as-is if the server you are connecting to does not implement the policy-file (served from port 843. I will be discussing this in an upcoming post where I delve into a little more advanced socket programming in Flex, including how and where to deploy a master policy file.

There is a register.php script residing on the load balancer, accessible via HTTP.
There is a deregister.php script residing on the load balancer, accessible via HTTP.
There is a register_with_lb.pl script residing on the web server, in /usr/local/bin/.
There is a deregister_with_lb.pl script residing on the web server, in /usr/local/bin/.
There is a MySQL database that stores the current configuration state, on it are two stored procedures register_lb and deregister_lb.

No changes were made to register.php as described in this post , though I’m considering some alterations to increase its security.

The biggest difference between register.php and deregister.php (aside from their purpose) is where the insert/delete database code is called from and why. When register.php is called by the web server, it will have already inserted information about itself into the database, including its hash. I made the decision that I did not want the load balancer responsible for inserting servers into the database. It would merely check that the requesting server inserted itself, and then regenerate the balancer_members.conf.

In the case of deregister.php I decided I wanted the server making the call to still be in the database so the script could verify the identity before removing it and regeneration the balancer_members. And since the deregistration SQL is contained within a stored procedure, I needed to make some changes to the script (as compared to register.php) regarding the database.

Specifically, the standard mysql library cannot call stored procedures. So I had to convert it to using mysqli, which is a similar, though more OO approach. The portion of the code that regenerates the balancer_members.conf is similar enough that I won’t re-list it here, but I will show how to connect using mysqli, and how to call a stored procedure.

$mysqli = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
if (mysqli_connect_errno()) {
  printf("Connect failed: %s\n", mysqli_connect_error());
}

$query = "SELECT count(*) as count FROM " . $dbtable . " WHERE ip='" . $_SERVER['REMOTE_ADDR'] . "';";
$result = $mysqli->query($query);
$row = $result->fetch_row();
echo $row[0];

if ($row[0] >= 1) {
  $del_query = "call deregister_lb('" . $_SERVER['REMOTE_ADDR'] . "');";
  $del_result = $mysqli->query($del_query);

  //<code for regenerating the conf file removed here>

  echo exec('echo "' . $file . '" > /etc/httpd/conf.d/balancer_members.conf');
  echo exec("sudo /usr/local/bin/reload_httpd");
}

As you can see, I’m using the actual REMOTE_ADDR to determine the validity of the request.

Here is the code for the deregister_lb stored procedure:

DROP PROCEDURE IF EXISTS deregister_lb $$

CREATE PROCEDURE deregister_lb ( ip VARCHAR(100) )
  BEGIN
    DELETE FROM lb2_members
	WHERE ip=_ip;
  END $$

and also for the register_lb stored procedure:

DROP PROCEDURE IF EXISTS register_lb $$
CREATE PROCEDURE register_lb (
  _hostname VARCHAR(100),
  _ip VARCHAR(40),
  _loadfactor INT,
  _hash VARCHAR(100)
  )

  BEGIN
    DECLARE already_exists INT DEFAULT 0;
    SELECT count(*) INTO already_exists FROM lb2_members WHERE hash=_hash;

    IF already_exists=1 THEN
	  UPDATE lb2_members
	  SET hostname=_hostname, ip=_ip, loadfactor=_loadfactor
	  WHERE hash=_hash;
    ELSE
      INSERT INTO lb2_members (ip, hostname, loadfactor, hash)
	  VALUES (_ip, _hostname, _loadfactor, _hash);
    END IF;
  END $$

Note that I’ve omitted the code that changes the delimiter to $$ instead of a semicolon.

This perl script uses perl DBI for accessing the database. I had to get that installed on my web server since it wasn’t already. Normally you can install perl packages using the cpan command. In which case you would issue the following commands to install DBI and a MySQL driver for it:

cpan DBI
cpan DBD::mysql

If it’s the first time you’ve run cpan, you will need to go through some configuration. It’s pretty much self explanatory, and I just accepted all of the defaults. Everything installed correctly except for the MySQL driver, which I ended up having to install from source. If I had executed the command:

yum install mysql-devel.i386

first, then my cpan install of DBD::mysql might have worked, but I didn’t realize that until installing from source. In case you ever need to install a perl module from source, particularly the DBD::mysql driver, enter these commands (which I think is basically what cpan does):

yum install mysql-devel.i386 #(only requred in this particular instance)
wget http://www.cpan.org/modules/by-module/DBD/DBD-mysql-4.011.tar.gz
gzip -cd DBD-mysql-4.011.tar.gz | tar xf -
cd DBD-mysql-4.011 #(or whatever version you downloaded)
perl Makefile.PL
make

Here is how you connect to the database and call a stored procedure:

my $dsn = "DBI:mysql:host=mysql.host;database=lb_register";
my $dbh = DBI->connect ($dsn, "lbuser", "lbpasswd")
  or die "Cannot connect to MySQL server\n";

my $sql = "call register_lb('" . $localhost . "', '" . $localip . "', " . $loadfactor . ", '" .  $hash . "')";
$dbh->do($sql);

$dbh->disconnect();

After that, register_with_lb.pl opens a socket to the load balancer and makes an HTTP request over the socket. There are probably easier ways to do this, I just happened to have the socket code lying around and was glad to be able to reuse it. Here’s the gist of it, in case you’re interested:

# Parse the URI.
my $url = URI->new("http://load.balancer.com/register/register.php?hash=" . $hash);

# Parse these in from the command line
$host = $url->host;
$port = $url->port;
$resource = $url->path;
$query = $url->query;

# Initialize the socket
$socket = IO::Socket::INET->new ( Proto => "tcp", PeerAddr => $host, PeerPort => $port,);
unless ($socket) { die "Error connecting to $host" }
$socket->autoflush(1);

# Format the request
my $request = "GET " . $resource . (($query)?"?" . $query : "") . " HTTP/1.1" . $EOL . "Host: " . $host . $EOL . "User-agent: register_script" . $EOR;

# Use send() to make the request, and output the response.
# Not necessary in this example, but informational.
if ( $socket->send($request) ) {
  while ( <$socket> ) { print }
}

# Close the socket
close $socket;

The above code pretty much sums up deregister_from_lb.pl, since no database calls are made, a call is simply made to the deregister script. The line you would change is as follows:

my $url = URI->new("http://my.balancer.com/register/deregister.php");

Then make the files executable, and copy them to be used by the startup script described in the previous post:

chmod a+x register_with_lb.pl
chmod a+x deregister_with_lb.pl
cp register_with_lb.pl /usr/local/bin/
cp deregister_with_lb.pl /usr/local/bin

I don’t show it here, but right now my IP addresses are hard coded. There are a number of ways you can find out your actual IP address from within perl, I’m just not doing that right now.

As an additional security measure, I’ve restricted access to the /register/ location on the load balancer to the IP address range I expect my web servers to be from, like this:

<Location /register>
  Order Deny,Allow
  Deny from all
  Allow from 10.0.0.
</Location>

And now you have a web server that can register automatically (if you’ve gone through the previous two posts as well) with a mod_proxy_balancer load balancer.

I did some searching around to find a way to determine your IP address from inside the perl script. This is a simple way if your server has a public IP address and reverse DNS set up correctly for that IP address:

use Socket;
use Sys::Hostname;
my $host = hostname();
my $addr = inet_ntoa(scalar(gethostbyname($host)) || 'localhost');

If your slave web servers are on a private network, the above command will return the loopback IP address (127.0.0.1) which isn’t useful for the load balancer (I wonder if it would start an infinite loop and crash the load balancer?). I found a function that prints out the IP address by parsing it out from the results of the ifconfig command.

It seemed a little long to just rip off and copy verbatim. So here’s a link to that code (which is what I’m using now) in case you’d like to use it. Perl script to get IP address.

This is actually the last thing I did, but I’m ordering it first because it’s a bit more general. My goal was to have a script that I could call as follows to register with my load balancer manually:

service lb_register start|stop|status|restart|reload|force-reload

And then also to register this service to be called at startup and shutdown, to register and deregister with the load balancer respectively.

Let’s start with creating the script. You can find tutorials for creating shell scripts just about anywhere on the web. I found it easier to take an existing script from the /etc/init.d/ directory, clear it out and start from that shell. Ironically the one that I chose was the startup script for Pound, another load balancer (a very good one, I might add). It shouldn’t matter which one you use, since all we’re really after is the format. The basic format is essentially the same for all of them: you have your function definitions at the top, and a case statement at the bottom.

The cases match the option parameters (start and stop are very common, as well as the others listed above in the callout). And the case blocks generally call one or more of the functions. I won’t list the case statement in this post as they are all very similar. There are some important things to note in the function definitions, though.

Here is the definition for my start() function:

start() {
   echo -n $"Registering with the load balancer:"
   ./usr/local/bin/register_with_lb.pl
   touch /var/lock/subsys/lb_register
}

You can see that I call a perl script (which presumably registers with the load balancer). Then I touch a file in the /var/lock/subsys/ directory. This is very important if you want a script to automatically run at shutdown. At shutdown the rc script will check for the presence of this file, if it is there it will call stop(). If it is not there, it assumes the service is stopped already and will not call stop() on the service.

My stop function:

stop() {
   echo -n $"Deregistering with the load balancer: "
   ./usr/local/bin/deregister_with_lb.pl
   rm -f /var/lock/subsys/lb_register
}

This calls the deregister perl script, and then removes the lock file for good housekeeping. There is one more thing about the script itself I want to mention before moving on to the registration. There is a line in the comments of most of the scripts (if not all) in /etc/init.d/ that will look something like this:

# chkconfig: - 85 10

or

# chkconfig: 2345 55 15

These are directives to chkconfig (the command we’ll be getting to in a moment) on how to set this script up. The – or the first grouping of numbers deal with the run levels. It tells chkconfig what levels this script will be turned “on”. It is assumed that it will be “off” in the omitted ones.

The second number is a startup priority, different scripts can have different startup priorities in case there are prerequisite dependencies. In the two examples above, the script containing the bottom directive would run before the script containing the bottom one. The last number is the shutdown priority, which is the same thing only during the shutdown process.

Once you have your script, you will need to run the chkconfig command. To add your script to the startup process:

chkconfig --add lb_register

And should you need to remove it:

chkconfig --del lb_register

If you’ve done everything correctly, register_with_lb.pl will be called at startup, and deregister_with_lb.pl will be called at shutdown. If it doesn’t, check that you’re touching the pid file, and that your scripts are executable. You will also be able to make calls like this to deregister and register manually:

service lb_register start
service lb_register restart
service lb_register stop

I should mention a few sites that helped me out quite a bit:
Linux Init Processes
Introduction to BASH Programming
An interesting script for creating new scripts

Here is my flowchart for how self registration will work:
1. Server comes online.
2. A startup script will register itself with the MySQL database (including hostname, ip, loadfactor, and a hash that it will generate in some way).
3. The server will then call a PHP script on the load balancer: “register/register.php”.
4. The PHP script will verify that a server sent the request.
5. The PHP script will query the database to get the current list of balancer members, and regenerate the balancer_members.conf file.
6. The PHP script will then issue a command to reload Apache’s configuration files.

Deregistration, which my PHP script as presented doesn’t display, will work as follows:
1. Server sends its hash to the PHP script, and shuts down.
2. The PHP script will check the hash against the database.
3. The PHP script will remove the server from the database.
4. The PHP script will repeat steps 5 and 6 above.

First, set up the database and created a user with sufficient privileges.

CREATE DATABASE lb_register;
GRANT ALL ON lb_register.* TO 'lbuser'@'%' IDENTIFIED BY 'password';

CREATE TABLE lb2_members(
ip VARCHAR(20) NOT NULL PRIMARY KEY,
hostname VARCHAR(100) NOT NULL,
loadfactor INT NOT NULL DEFAULT 0,
hash VARCHAR(40) );

Second, create the PHP script.

$dbhost = "mysql.host.com";
$dbuser = "lbuser";
$dbpass = "password";
$dbname = "lb_register";
$dbtable = "lb2_members";

$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die (mysql_error());
mysql_select_db($dbname);

$query = "SELECT count(*) as count FROM " . $dbtable . " WHERE hash='" . $_GET['hash'] . "';";
$result = mysql_query($query);

$row = mysql_fetch_assoc(mysql_query($query));
if ($row['count'] >= 1) {

  $file = "<Proxy balancer://mycluster>" . "\n";
  $member_query = "SELECT hostname, loadfactor FROM " . $dbtable . ";";
  $member_result = mysql_query($member_query);

  while ($row = mysql_fetch_array($member_result, MYSQL_BOTH)) {
    $file .= "   BalancerMember http://" . $row['hostname'] . " ";
    $file .= ($row['loadfactor'] > 1) ? ("loadfactor=" . $row['loadfactor'] . "\n") : "\n";
  }
  $file .= "</Proxy>";

  exec('echo "' . $file . '" > /etc/httpd/conf.d/balancer_members.conf');
  exec("sudo /usr/local/bin/reload_httpd");
}

mysql_close($conn);

You can tell a few things about the server configuration by looking at the script:
1. User apache will need to be able to write to the “/etc/httpd/conf.d/balancer_members.conf” file.
2. User apache will need to be able to execute the script “/usr/local/bin/reload_httpd”.
3. User apache will need sudoer rights.
4. This script was used for debugging, and not by a server that is actually registering… tyou can see that deregistration is not handled yet.

To grant write privileges to apache, I changed the owner of the balancer_members.conf to apache.

 chown apache /etc/httpd/conf.d/balancer_members.conf

This is probably the least secure aspect of my solution, as if the apache user were compromised, then any directives could be written to this file. I’m not sure how big a threat this is, but it’s something that concerns me at least enough to think about this some more (and invite suggestions).

Next is to grant apache privileges to execute “/usr/local/bin/reload_httpd”. We could accomplish this the same as we did above, but then it wouldn’t allow apache to execute what’s inside of the script, which is this:

#!/bin/bash
service httpd reload

unless we give execution rights to apache on service, which we don’t want. What we also don’t want is for apache to be able to write to the file reload_httpd. So what I ended up doing was, as you see in the script, to make root the owner of reload_httpd and remove write privileges for all (so apache couldn’t change it) and then add apache to the sudoers file, granting rights to execute this script without a password.

visudo

is the generally accepted way to edit the sudoers file. And I added this line:

apache ALL=(ALL) NOPASSWD: /usr/local/bin/reload_httpd

I’m open to more secure ways of implementing this aspect as well, as I don’t consider myself a sudo configuration expert. I think this gives apache rights to execute everything from anywhere if he knows the password; but he can also execute the /usr/local/bin/reload_httpd script without a password.

I also had to comment out the line:

#Defaults   requiretty

to allow sudo to function properly from a script not executed in a terminal.

Finally I had to disable proxying for the register script in my balancer.conf file:

ProxyPass /register/ !

And then your server is configured to dynamically update its list of balance members, you can check by going to the balancer-manager if you’ve got that enabled. Next I will discuss how to handle the web server side of things.

The recipe itself is straightforward, taking up just over a page. I was able to get a basic load balancer working within a few minutes by following the recipe, but for some reason I couldn’t get the balancer-manager site to load correctly. The following directives should configure the balancer-manager:

<Location /balancer-manager>
  SetHandler balancer-manager
  Order Deny,Allow
  Allow from all
</Location>

When I would start the server, however, I got an HTTP 500 error response, with this message in the log:

[Tue Feb 02 12:49:09 2010] [warn] proxy: No protocol handler was valid for the URL /balancer-manager. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.

My searches on Google were fruitless: most people were able to solve the problem by ensuring these lines were added to their httpd.conf:

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so

But they were already included in my conf file, so no dice. Other people solved their problem by loading the mod_proxy_html.so, which doesn’t come on a standard install of Apache. I ended up compiling it from source (learned a lot about compiling Apache shared modules) but that didn’t work for me either.

Eventually I realized that the only time my requests were being proxied to the BalancerMembers was when I was at the URL root, for example tacking on an ‘index.php’ to the URL would generate the same error as trying to access ‘balancer-manager’. And about that time I stumbled upon a user who was able to solve their problem by adding a few rewrite rules… which caused me to finally understand part of my problem.

The reason ‘balancer-manager’ wasn’t loading correctly was because that request was being proxied to the BalancerMember, which didn’t have ‘balancer-manager’ enabled (hence the ‘no protocol handler error’). This still didn’t explain why ‘index.php’ wasn’t working, either, since I knew index.php was on the BalancerMembers.

These discoveries quickly culminated into leading me to my solution, which was a missing trailing-slash in my ProxyPass directive. That’s what was causing my ‘index.php’ to not be proxied. Once I realized the problem was in my ProxyPass– reading the documentation also taught me that there’s a way to keep certain requests from being proxied (which solved my ‘balancer-manager’ issue).

So I present to you, my completed (and functional) balancer.conf. And remember, the trailing slash at the end of the ProxyPass directive IS CRUCIAL!

ProxyPass /balancer-manager !  # Prevents balancer-manager from being proxied.
ProxyPass / balancer://mycluster/
ProxyPassReverse / balancer://mycluster/

<Proxy balancer://mycluster>
  BalancerMember http://10.0.0.10 loadfactor=2
  BalancerMember http://10.0.0.11
  BalancerMember http://10.0.0.12
</Proxy>

<Location /balancer-manager>
  SetHandler balancer-manager
  Order Allow,Deny
  Allow from all
</Location>

I hope this saves someone some time when searching on the particular error message I got. Now I’m off to figure out how to get my web servers to auto register with the balancer-manager. I will blog about it when I figure it out.

load_balancer -> (ws1, ws2, ws3) -> mysql_server

As you can see, it’s nothing fancy. To test the balancer, each web server has a PHP script that connects to the MySQL database and inserts its hostname and IP address. Then I could run a simple query to determine whether the balancer was distributing the load according to my rules.

The PHP script was basic too:

$dbhost = "mysql.host.com";
$dbuser = "testuser";
$dbpass = "testpass";

$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die (mysql_error());
$dbname = "testdb";
mysql_select_db($dbname);

$query = "INSERT INTO testtable(ip, host) VALUES('" . $_SERVER["SERVER_ADDR"] . "', '" . $_SERVER["SERVER_NAME"] . "');";

print $query;
mysql_query($query);
mysql_close($conn);

I’ve done this a thousand times, so you can imagine my frustration at getting this error message:

[Mon Feb 01 16:22:21 2010] [error] [client 192.168.1.1] PHP Warning:  mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Can't connect to MySQL server on 'mysql.host.com' (13) in /var/www/html/index.php on line 7

I spent almost 2 hours looking for various solutions. I’ll list the most common ones in case you’re searching for a solution and mine doesn’t work for you:
–Ensure that MySQL user permissions are configured correctly.
–Ensure that MySQL is running on the server and on the correct port
–Ensure that selinux is not blocking the MySQL port or the mysqld process

These three items can be tested by simply logging into MySQL from a remote host using the following command:

mysql -u testuser -p -h mysql.host.com testdb

If that gives you a MySQL prompt, you can rule out the above three causes.

Some of the less obvious suggestions, which didn’t solve my problem either were:
–Ensure MySQL is using the correct path to the mysql.sock in my.ini
–Ensure that the server wasn’t started with –skip-networking

Though I tried a number of configuration changes for both MySQL, the server MySQL was running on (including disabling selinux completely), and PHP, I failed to overlook that selinux was blocking Apache’s outgoing connections to the MySQL database.

So what finally solved my problem was disabling selinux completely on the server Apache was running on. I should have done this in the first place, as I normally do with my Linux desktop installations.

This can be accomplished by changing a line in /etc/selinux/config. Change the line that says:

SELINUX=enforcing

to

SELINUX=disabled

If you do some searching you can find out how to add an exception for Apache, after 2 hours I didn’t feel like fussing with those.

socket()→bind()→listen()→accept(), followed by sequences of read() and write().

For a client we will call these methods in this order:

socket()→connect(), followed by sequences of write() and read() depending on what your server does.

To illustrate, I will create a simple HTTP client in C++, which has the following usage:

client www.googolflex.com

It will then make a connection on port 80 of the server specified at the command line, send an HTTP 1.1 request, and then dump the response to the console.

It uses the following variables:

int sock;
struct sockaddr_in client;
int PORT = 80;

The first thing to do is initialize the socket structure, for this we need the IP address of the host. You can use the gethostbyname(char *) function to do that, which passes back a hostent structure. I have encapsulated the socket setup into a method, which shows how to extract the necessary values from the hostent struct, here:

void setupSocket(char* hostname) {
	struct hostent * host = gethostbyname(hostname);

	if ( (host == NULL) || (host->h_addr == NULL) ) {
		cout << "Error retrieving DNS information." << endl;
		exit(1);
	}

	bzero(&client, sizeof(client));
	client.sin_family = AF_INET;
	client.sin_port = htons( PORT );
	memcpy(&client.sin_addr, host->h_addr, host->h_length);

	sock = socket(AF_INET, SOCK_STREAM, 0);

	if (sock < 0) {
		cout << "Error creating socket." << endl;
		exit(1);
	}
}

If this method executes correctly, then we have a socket, and an address structure that we can use to call connect() with. Here is my encapsulating method:

void connectToHost(char* hostname) {
	if ( connect(sock, (struct sockaddr *)&client, sizeof(client)) < 0 ) {
		close(sock);
		cout << "Could not connect to " << hostname << endl;
		exit(1);
	}
}

Finally, we can call send()/write() and read()/recv(). This is where your protocol would be implemented, if you were to modify this for use with something other than simple HTTP requests. Here my sendRequest() and getResponse() methods:

void sendRequest(char* hostname) {
	string request = "GET / HTTP/1.1\r\nHost: ";
	request+= string(hostname);
	request += "\r\n\r\n";

	if (send(sock, request.c_str(), request.length(), 0) != (int)request.length()) {
		cout << "Error sending request." << endl;
		exit(1);
	}
}

void getResponse() {
	char cur;
	while ( read(sock, &cur, 1) > 0 ) {
		cout << cur;
	}
}

In main() I call these four methods in sequence, passing in the hostname parameter where needed. And that’s it. The full source is included at the end of the post.

Socket connections really aren’t that difficult once you’ve done it several times. Next I will be demonstrating how to set up a simple client in Flex using a client. Many scripting languages have abstracted away much of the difficulty surrounding socket connections (as we will see with Flex) leaving you to focus on implementing your protocol.

Download the source for simpleclient here. It can be compiled as follows:

g++ -Wall -o client simpleclient.cpp